diff --git a/extra/shutils/regressiontest.py b/extra/shutils/regressiontest.py
index 6b280ef48..06cc37c5a 100644
--- a/extra/shutils/regressiontest.py
+++ b/extra/shutils/regressiontest.py
@@ -71,7 +71,7 @@ def main():
 stdout, stderr = proc.communicate()
 if stderr:
- msg = prepare_email("Execution of regression test failed with error: %s" % stderr)
+ msg = prepare_email("Execution of regression test failed with error:\n\n%s" % stderr)
 send_email(msg)
 sys.exit(1)
@@ -112,13 +112,15 @@ def main():
 if parse:
 content += " at parsing: %s:\n\n" % parse
 content += "### Log file:\n\n"
- content += "%s\n" % log
+ content += "%s\n\n" % log
 elif not detected:
 content += " - SQL injection not detected\n\n"
+ else:
+ content += "\n\n"
 if traceback:
- content += "\n\n### Traceback:\n\n"
- content += "%s\n" % str(traceback)
+ content += "### Traceback:\n\n"
+ content += "%s\n\n" % str(traceback)
 content += "#######################################################################\n\n"
@@ -137,4 +139,3 @@ def main():
 if __name__ == "__main__":
 main()
-
diff --git a/lib/core/testing.py b/lib/core/testing.py
index ff4ed5258..137b0a7fb 100644
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@@ -139,6 +139,8 @@ def liveTest():
 parse = []
 switches = dict(global_)
 value = ""
+ vulnerable = True
+ result = None
 if case.hasAttribute("name"):
 name = case.getAttribute("name")
@@ -165,12 +167,15 @@ def liveTest():
 msg = "running live test case: %s (%d/%d)" % (name, count, length)
 logger.info(msg)
- result = runCase(switches, parse)
+ try:
+ result = runCase(switches, parse)
+ except SqlmapNotVulnerableException:
+ vulnerable = False
 test_case_fd = codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "test_case"), "wb", UNICODE_ENCODING)
 test_case_fd.write("%s\n" % name)
- if result:
+ if result is True:
 logger.info("test passed")
 cleanCase()
 else:
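Review bot: The new `except SqlmapNotVulnerableException:` in lib/core/testing.py (hunk at -165,12) uses a name that no hunk of this diff imports, so unless the file already imports it the handler itself fails with NameError on exactly the path it is meant to cover; please confirm the import is present at the top of the file. The handler also leaves `result` at its initial `None`, which the later `if result is True:` silently treats as a failed case; a short comment such as `# result stays None when the target is reported as not vulnerable` next to `result = None` (hunk at -139,6) would make that coupling explicit. liveTest's body starts and ends outside these hunks.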
@@ -182,7 +187,7 @@ def liveTest():
 errMsg += "- scan folder: %s " % paths.SQLMAP_OUTPUT_PATH
 errMsg += "- traceback: %s" % bool(failedTraceBack)
- if result is False:
+ if not vulnerable:
 errMsg += " - SQL injection not detected"
 logger.error(errMsg)
diff --git a/plugins/dbms/firebird/enumeration.py b/plugins/dbms/firebird/enumeration.py
index 1f7fc8cab..16e444b8a 100644
--- a/plugins/dbms/firebird/enumeration.py
+++ b/plugins/dbms/firebird/enumeration.py
@@ -30,22 +30,12 @@ class Enumeration(GenericEnumeration):
 return []
- def searchTable(self):
- warnMsg = "on Firebird searching of tables is not implemented"
- logger.warn(warnMsg)
-
- return []
-
 def searchColumn(self):
- warnMsg = "on Firebird searching of columns is not implemented"
+ warnMsg = "on Firebird it is not possible to search columns"
 logger.warn(warnMsg)
 return []
- def search(self):
- warnMsg = "on Firebird search option is not available"
- logger.warn(warnMsg)
-
 def getHostname(self):
 warnMsg = "on Firebird it is not possible to enumerate the hostname"
 logger.warn(warnMsg)
diff --git a/plugins/generic/search.py b/plugins/generic/search.py
index e4d6a89e6..e30b6ac33 100644
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -10,6 +10,7 @@ from lib.core.common import arrayizeValue
 from lib.core.common import Backend
 from lib.core.common import filterPairValues
 from lib.core.common import getLimitRange
+from lib.core.common import isInferenceAvailable
 from lib.core.common import isNoneValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
@@ -91,7 +92,8 @@ class Search:
 for value in values:
 value = safeSQLIdentificatorNaming(value)
 foundDbs.append(value)
- else:
+
+ if len(foundDbs) == 0 and isInferenceAvailable() and not conf.direct:
 infoMsg = "fetching number of database"
 if dbConsider == "1":
 infoMsg += "s like"
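Review bot: In plugins/generic/search.py (hunk at -91,7) the former `else:` becomes `if len(foundDbs) == 0 and isInferenceAvailable() and not conf.direct:` with nothing explaining that the blind path is now a fallback that runs whenever the preceding branch produced no rows; the same undocumented pattern repeats in the hunks at -215,8 (`len(foundTbls) == 0`) and -436,7 (`len(dbs) == 0`). A one-line comment such as `# fall back to inference only when the in-band attempt returned nothing` above each condition would state the intent, and `not foundDbs` is the idiomatic emptiness test. Note that when inference is unavailable and the first branch was skipped, neither block runs any more and the method continues with an empty result; that looks intended, but the code before and after the hunk is outside this view.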
@@ -166,7 +168,7 @@ class Search:
 for tbl in tblList:
 tbl = safeSQLIdentificatorNaming(tbl, True)
- if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
+ if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD):
 tbl = tbl.upper()
 infoMsg = "searching table"
@@ -194,13 +196,14 @@ class Search:
 query += whereDbsQuery
 values = inject.getValue(query, blind=False, time=False)
- if Backend.isDbms(DBMS.SQLITE):
+ if values and Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
 newValues = []
 if isinstance(values, basestring):
 values = [values]
 for value in values:
- newValues.append(["SQLite%s" % METADB_SUFFIX, value])
+ dbName = "SQLite" if Backend.isDbms(DBMS.SQLITE) else "Firebird"
+ newValues.append(["%s%s" % (dbName, METADB_SUFFIX), value])
 values = newValues
@@ -215,8 +218,9 @@ class Search:
 foundTbls[foundDb].append(foundTbl)
 else:
 foundTbls[foundDb] = [foundTbl]
- else:
- if not Backend.isDbms(DBMS.SQLITE):
+
+ if len(foundTbls) == 0 and isInferenceAvailable() and not conf.direct:
+ if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):
 infoMsg = "fetching number of databases with table"
 if tblConsider == "1":
 infoMsg += "s like"
@@ -259,7 +263,8 @@ class Search:
 if tblConsider == "2":
 continue
 else:
- foundTbls["SQLite%s" % METADB_SUFFIX] = []
+ dbName = "SQLite" if Backend.isDbms(DBMS.SQLITE) else "Firebird"
+ foundTbls["%s%s" % (dbName, METADB_SUFFIX)] = []
 for db in foundTbls.keys():
 db = safeSQLIdentificatorNaming(db)
@@ -271,7 +276,7 @@ class Search:
 logger.info(infoMsg)
 query = rootQuery.blind.count2
- if not Backend.isDbms(DBMS.SQLITE):
+ if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):
 query = query % unsafeSQLIdentificatorNaming(db)
 query += " AND %s" % tblQuery
 count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
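Review bot: In the hunk at -194,13 the placeholder database name is recomputed on every loop iteration, and the identical expression is duplicated in the hunk at -259,7. The back-end does not change while the loop runs, so `dbName = "SQLite" if Backend.isDbms(DBMS.SQLITE) else "Firebird"` can be assigned once before `for value in values:`, and ideally once for the whole method so both sites share it. The tuple `(DBMS.SQLITE, DBMS.FIREBIRD)` is also repeated across the hunks at -194,13, -215,8 and -271,7; naming it once with a comment that these back-ends have no per-database catalog to enumerate would keep the sites from drifting apart. The enclosing method starts and ends outside these hunks.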
@@ -290,10 +295,17 @@ class Search: for index in indexRange: query = rootQuery.blind.query2 - if not Backend.isDbms(DBMS.SQLITE): + + if Backend.isDbms(DBMS.FIREBIRD): + query = query % index + + if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD): query = query % unsafeSQLIdentificatorNaming(db) + query += " AND %s" % tblQuery - query = agent.limitQuery(index, query) + + if not Backend.isDbms(DBMS.FIREBIRD): + query = agent.limitQuery(index, query) foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False)) kb.hintValue = foundTbl @@ -436,7 +448,8 @@ class Search: foundCols[column][db] = [tbl] kb.data.cachedColumns = {} - else: + + if len(dbs) == 0 and isInferenceAvailable() and not conf.direct: if not conf.db: infoMsg = "fetching number of databases with tables containing column" if colConsider == "1": diff --git a/plugins/generic/users.py b/plugins/generic/users.py index d0c8c4167..438c2929b 100644 --- a/plugins/generic/users.py +++ b/plugins/generic/users.py @@ -135,7 +135,7 @@ class Users: if not kb.data.cachedUsers: errMsg = "unable to retrieve the database users" - raise SqlmapNoneDataException(errMsg) + logger.error(errMsg) return kb.data.cachedUsers diff --git a/xml/livetests.xml b/xml/livetests.xml index d2b7d4d0a..0f3aa26b7 100644 --- a/xml/livetests.xml +++ b/xml/livetests.xml @@ -807,7 +807,7 @@ - + @@ -839,7 +839,7 @@ - + @@ -927,7 +927,7 @@ - + + --> @@ -1005,7 +1005,7 @@ - + @@ -2184,7 +2184,101 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2222,6 +2316,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2425,7 +2556,28 @@ - + + + + + + + + + + + + + + + + + + + + + + @@ -2467,7 +2619,7 @@ - + diff --git a/xml/queries.xml b/xml/queries.xml index 526fb122f..c0db74bca 100644 --- a/xml/queries.xml +++ b/xml/queries.xml 
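Review bot: The Firebird special case in plugins/generic/search.py (hunk at -290,10) is undocumented: `query = query % index` feeds the row index straight into the template and the later `if not Backend.isDbms(DBMS.FIREBIRD):` skips `agent.limitQuery(index, query)`, but nothing says why. Presumably the Firebird `blind.query2` entry in xml/queries.xml carries its own row-offset placeholder; that XML hunk is not readable on this page, so it is worth confirming. A comment such as `# Firebird: the query2 template takes the row index itself, so limitQuery() must not wrap it again` above the first branch would record the dependency between the two files. The loop body continues outside the hunk.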
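Review bot: In plugins/generic/users.py (hunk at -135,7) callers now get an empty `kb.data.cachedUsers` back instead of an exception, because `raise SqlmapNoneDataException(errMsg)` was replaced with `logger.error(errMsg)`. Any caller that iterates or indexes the result, or that relied on the exception to stop dependent enumeration steps, needs to tolerate the empty value; those call sites are outside this diff. A comment on the new line, e.g. `# best effort: report the failure and return the empty cache rather than aborting the run`, would make the changed contract visible, and the `SqlmapNoneDataException` import should be dropped if this was its last use in the file.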
@@ -431,17 +431,19 @@ - + + + + + - -